Jeff Trawick wrote: > On Sat, Dec 12, 2009 at 12:26 PM, Jeff Trawick <[email protected]> wrote: >> On Thu, Dec 10, 2009 at 3:28 PM, Ruediger Pluem <[email protected]> wrote: >>> Apparently because of the fix in openssl for the TLS renegotiation issue >>> the following >>> failed tests now pop up in our test suite (trunk and 2.2.x the same): >>> >>> >>> Failed Test Stat Wstat Total Fail List of Failed >>> ------------------------------------------------------------------------------- >>> t/ssl/basicauth.t 3 2 2-3 >>> t/ssl/env.t 30 15 16-30 >>> t/ssl/extlookup.t 2 2 1-2 >>> t/ssl/fakeauth.t 3 2 2-3 >>> t/ssl/pr12355.t 10 10 1-10 >>> t/ssl/pr43738.t 4 4 1-4 >>> t/ssl/proxy.t 172 10 3-7 116-120 >>> t/ssl/require.t 5 2 2 5 >>> t/ssl/varlookup.t 72 72 1-72 >>> t/ssl/verify.t 3 1 2 >>> 4 tests and 2 subtests skipped. >> I picked up almost identical failures on 2.2.14 on OpenSolaris when >> moving to a dev build with 0.9.8l from a dev build with 0.9.8k. At >> least a few of those testcases mention renegotiation. As I also >> picked up another failure that didn't seem to be related, I'll try to >> find time to perform before/after testing with just the OpenSSL k->l >> change. > > A straight k->l comparison shows exactly the same failures as you with > httpd trunk/apr[-util] 1.4 HEAD on a recent OpenSolaris dev build. >
I'd suggest you try OpenSSL 0.9.8-dev (i.e. a recent snapshot). Renegotiation is now possible but only with itself (which presumably that tests). The only thing that is not allowed is renegotiation with the deprecated SSLv2. If there are still any problems I'll check them. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org
